[ISN] Hackers bombard electronic voting in November

From: InfoSec News <alerts_at_private>
Date: Wed, 4 Nov 2009 00:10:15 -0600 (CST)
http://www1.folha.uol.com.br/folha/informatica/ult124u645011

(Google Translation)

the Efe, in Rio de Janeiro
29/10/2009

The security of electronic voting machines will be tested next month by 
26 computer experts and hackers who enrolled in an open challenge by the 
Supreme Electoral Tribunal (TSE).

"The court decided to accept the registration of all persons who have 
expressed interest in putting the ballot to any evidence to show that 
there is no intention to veto anyone or any kind of strategy," said a 
representative of the TSE.

The 26 experts and hackers, who have access to both the hardware and 
system software, will participate from the 10th and 13th of November 
tests public safety system of electronic voting at the court.

The ten challenging, as some will work in groups, will have four days to 
try and crack the security codes of the software, the secrecy of the 
vote or to change any votes entered with the help of various programs 
and equipment.

The TSE decided to undertake the challenge in response to complaints 
from some political parties who claim that the investigation of an 
election in Brazil can be manipulated by computer experts.

For the secretary of information technology of the TSE, Giuseppe Janino, 
testing also will identify possible gaps in the system.

According Janino among the challengers include subscribers from 
professionals in computer science, electronic engineering and systems 
analysis by experts in auditing.

The secretary added that the diversity of strategies that will be used 
by challengers can be measured within each asked to try and crack the 
system, ranging from one hour to four days.


Plans of attack

"One of the attached claims that the search for electromagnetic waves to 
identify the keys used by the voter and thus violate the secrecy of 
voting," said Janino, quoted a statement of the court.

"There are also plans to try to invade the system with malicious 
software," he added, referring to a challenger who want to get to the 
memory of the ballot box with a program created especially for 
violations of systems.

"His intention is to promote differences in ratings typed with software 
that self-destructs after use to leave no traces," he said.

The TSE will award $ 5 thousand a group of challengers that most closely 
approximates the purpose of violating the security of the system.


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Nov 03 2009 - 22:10:15 PST

This archive was generated by hypermail 2.2.0 : Tue Nov 03 2009 - 22:17:58 PST